1

Governance Risk Compliance Jobs (NOW HIRING)

next page

Showing results 1-20

Governance Risk Compliance information

See salary details

$31.5K

$68.7K

$112K

How much do governance risk compliance jobs pay per year?

As of Jul 17, 2026, the average yearly pay for governance risk compliance in the United States is $68,732.00, according to ZipRecruiter salary data. Most workers in this role earn between $49,000.00 and $86,500.00 per year, depending on experience, location, and employer.

Is GRC an entry level job?

Governance, Risk, and Compliance (GRC) roles can be entry-level or require experience depending on the specific position. Entry-level GRC jobs typically focus on supporting compliance activities and may require basic knowledge of regulations and tools like audit software, while more advanced roles demand prior experience and specialized certifications.

Is governance risk and compliance a good career?

Governance, Risk, and Compliance (GRC) is a growing field that offers opportunities in managing organizational policies, regulatory requirements, and risk mitigation. It often requires knowledge of industry standards, certifications like CISA or CRISC, and strong analytical skills. The role provides stability and advancement potential in various industries, including finance, healthcare, and technology.

What is the work of governance risk and compliance?

Governance, Risk, and Compliance (GRC) professionals develop and implement policies to ensure organizations adhere to legal and regulatory requirements, manage risks effectively, and maintain ethical standards. They often use tools like risk assessments, audits, and compliance frameworks to identify vulnerabilities and ensure organizational integrity. The role requires strong analytical skills and knowledge of industry regulations.

What Are Jobs in Governance, Risk and Compliance?

Governance risk compliance (GRC) is a method for managing and strategizing an organization's regulations regarding governance, financial or physical risk, and regulatory compliance. It aligns the IT aspects with business objectives and works to improve the efficiency of a company. There are GRC consultants and GRC analysts who provide an assessment of a business’s GRC, identify risks, analyze the data, develop policies to benefit the workplace, and consult on the best choice of action. Your duties may involve optimizing GRC systems, implementing tactics to lower risk, providing internal audits, assisting with cybersecurity, creating routine reports, and ensuring regulatory compliance.

What is the salary of governance risk compliance?

The salary for a Governance, Risk, and Compliance (GRC) professional typically ranges from $70,000 to $130,000 annually, depending on experience, location, and certifications such as CISA or CRISC. Entry-level roles may start lower, while senior positions or those in high-demand industries can earn higher salaries.

What is Governance, Risk, and Compliance (GRC)?

Governance, Risk, and Compliance (GRC) is a coordinated strategy that organizations use to manage overall governance, enterprise risk management, and compliance with regulations and standards. GRC professionals help organizations align their business objectives with risk management practices and regulatory requirements. This role involves identifying potential risks, implementing policies to mitigate those risks, and ensuring that the organization adheres to legal, ethical, and internal standards. Effective GRC management can improve decision-making, optimize processes, and protect the organization from financial or reputational harm.

How does a Governance, Risk, and Compliance (GRC) professional typically collaborate with other departments within an organization?

GRC professionals work closely with a variety of departments, including IT, legal, finance, and operations, to ensure that organizational policies and regulatory requirements are consistently met. Collaboration often involves leading risk assessments, facilitating compliance training, and coordinating audits to identify and mitigate potential risks. Effective communication and relationship-building are key, as GRC teams must translate complex regulations into actionable steps for different business units. This cross-functional approach helps embed a culture of compliance and risk awareness throughout the organization.

What is the difference between Governance Risk Compliance vs Risk Analyst?

AspectGovernance Risk ComplianceRisk Analyst
CertificationsCRISC, CISA, CISSPCFA, FRM, CRISC
Work EnvironmentCorporate, regulated industriesFinancial, consulting firms
Employer & Industry UsageFinancial institutions, healthcare, governmentBanking, investment firms, insurance

Governance Risk Compliance focuses on establishing policies, ensuring regulatory adherence, and managing enterprise-wide risks. Risk Analysts primarily assess specific financial or operational risks through data analysis. While both roles involve risk management, Governance Risk Compliance has a broader scope related to organizational compliance and governance frameworks, whereas Risk Analysts concentrate on analyzing and quantifying particular risks.

What are the key skills and qualifications needed to thrive as a Governance Risk Compliance (GRC) professional, and why are they important?

To thrive as a Governance Risk Compliance professional, you need a solid understanding of regulatory frameworks, risk management principles, and policy development, often supported by a degree in business, law, or information security. Familiarity with GRC software platforms, compliance management systems, and certifications like CISA, CRISC, or CISSP is highly valuable. Strong analytical thinking, attention to detail, and effective communication skills set top performers apart in this field. These competencies are essential for ensuring organizational compliance, minimizing risks, and maintaining robust corporate governance.
What cities are hiring for Governance Risk Compliance jobs? Cities with the most Governance Risk Compliance job openings:
What are the most commonly searched types of Governance Risk Compliance jobs? The most popular types of Governance Risk Compliance jobs are:
What states have the most Governance Risk Compliance jobs? States with the most job openings for Governance Risk Compliance jobs include:
Infographic showing various Governance Risk Compliance job openings in the United States as of July 2026, with employment types broken down into 1% As Needed, 82% Full Time, 12% Part Time, 1% Temporary, and 4% Contract. Highlights an 93% Physical, 2% Hybrid, and 5% Remote job distribution, with an average salary of $68,732 per year, or $33 per hour.
Governance Risk & Compliance Analyst

Governance Risk & Compliance Analyst

System One

Denver, CO • Remote

Contractor

Medical, Dental, Vision, Life, Retirement

Posted 29 days ago


Job description

Job Title: Governance Risk & Compliance Analyst Location: Lakewood, CO Work Model: Hybrid – onsite and remote Overview System One is seeking a GRC Analyst for an opportunity in Lakewood, CO. The GRC Analyst is a member of the Governance, Risk & Compliance function within the Global Information Security Office and supports the implementation of company?wide security governance, risk management, and compliance programs. Under the direction of the GRC Functional Leader, the analyst contributes to policy development, risk oversight, and continuous improvement of the organization’s security posture. The role also works closely with regional Information Security Officers (ISOs) and cross?functional teams to support the deployment of global standards and local regulatory requirements. Responsibilities

  • Support information security risk assessments for new projects, systems, and business processes.
  • Assist in conducting internal control reviews (e.g., J?SOX), preparing audit materials, and coordinating responses to internal and external auditors.
  • Track and follow up on remediation actions to ensure timely closure of identified risks.
  • Contribute to drafting, updating, and maintaining global information security policies, standards, and procedures.
  • Review relevant laws, regulations, and industry frameworks (e.g., ISO 27001, NIS2) and incorporate stakeholder feedback into documentation.
  • Support the rollout and implementation of policies across regions.
  • Monitor adherence to security and regulatory requirements, including ISO 27001, NIS2, and GDPR.
  • Collect and organize compliance evidence, track corrective actions, and support certification and regulatory readiness efforts such as ISO 27001/42001 and NIS2 programs.
  • Conduct third party security risk assessments by distributing questionnaires, analyzing responses, verifying controls, and documenting results in the GRC tracking systems.
  • Identify and escalate high risk findings to the GRC Functional Leader and support follow up mitigation activities.
  • Participate in the planning and implementation of security awareness programs for all associates.
  • Create e-learning materials and training materials, conduct phishing email exercises, and distribute disseminated content on internal portals.
  • Monitor and analyze global regulatory developments related to cybersecurity with a focus on industrial control systems (ICS), IT environments, and critical infrastructure.
  • Assist in evaluating how new or updated regulations (e.g., NIS2, FDA cybersecurity expectations, industrial cybersecurity standards, or country specific critical infrastructure laws) impact company operations.
  • Track emerging obligations, document requirements, and support gap assessments to ensure timely compliance.
  • Assist in the preparation, maintenance, and continuous improvement of the CISO Dashboard by collecting, validating, and analyzing security metrics across the Global GRC function.
  • Compile key performance indicators (KPIs) and key risk indicators (KRIs) related to compliance status, audit findings, supplier risk, incident trends, training completion, regulatory readiness, and other relevant security domains.
  • Support the visualization and communication of security posture to senior leadership by ensuring data accuracy, timely updates, and clarity in reporting.
  • Support the development and enforcement of governance controls for the secure use of artificial intelligence technologies across the organization.
  • Identify risks related to AI systems—such as model security, algorithmic integrity, and misuse—and contribute to risk assessments and mitigation plans.
  • Help evaluate third party AI tools.
  • Support the development and improvement of GRC processes, tools, and documentation to enhance operational efficiency and standardization.
  • Assist in preparing reports, presentations, and materials for leadership reviews, steering committees, and cross functional meetings.
  • Participate in internal security projects and initiatives, including process automation, metrics development, and enhancements to governance workflows.
  • Provide coordination and administrative support for security committees, working groups, and regional GRC activities.
  • Perform additional duties as assigned to support the Global Information Security Office and the broader GRC program.
Requirements
  • 3 to 5+ years of experience in information security, governance, risk management, compliance, IT audit, or a related discipline.
  • Experience supporting security programs in global or regulated environments is a plus.
  • Understanding of global and regional information security regulations (e.g., data protection laws, cybersecurity requirements) and familiarity with security frameworks such as ISO 27001.
  • Knowledge of internal control frameworks (e.g., JSOX) and IT governance practices is highly desirable.
  • Experience supporting audit activities is preferred.
  • Experience with risk assessment methodologies, control evaluation, and vulnerability or issue management processes.
  • Strong analytical and problem-solving skills, with the ability to identify risks, assess impacts, and support the development and tracking of corrective actions.
  • Ability to communicate security requirements, policies, and audit findings clearly and persuasively with stakeholders across regions and business units.
  • Strong coordination skills to build consensus and drive compliance.
  • Industry certifications such as CISSP, CISA, CISM, ISO 27001 Lead Implementer/Auditor, or similar are preferred but not required.
  • Bachelor’s degree in information security, Cybersecurity, Information Systems, Computer Science, or a related field; or equivalent professional experience.
  • Familiarity with governance, risk, and compliance tools (e.g., BitSight, Drata, OneTrust, Archer, or similar) for managing risks, audits, and compliance workflows.
  • Working knowledge of cybersecurity concepts such as identity and access management, endpoint protection, vulnerability management, cloud security, and secure system design.
  • Experience supporting cross-functional security or compliance initiatives, including requirements gathering, documentation, and progress tracking.
  • Ability to interpret risk metrics, compliance data, and audit results.
  • Experience with dashboards, KPI/KRI reporting, or data visualization tools is a plus.
  • Awareness of emerging cybersecurity regulations (e.g., NIS2, AI governance frameworks, critical infrastructure rules) and their potential impact on enterprise operations.

System One, and its subsidiaries including Joulé and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan. System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law. #M-1 #LI-SG1 Ref: #558-Scientific